Bug#759044: forward to upstream.

2015-11-29 Thread Moritz Mühlenhoff
On Mon, Nov 30, 2015 at 08:22:49AM +1300, Olly Betts wrote: > On Tue, Sep 15, 2015 at 11:29:00PM +0200, Moritz Mühlenhoff wrote: > > On Tue, Sep 23, 2014 at 10:26:56PM +0800, Ying-Chun Liu (PaulLiu) wrote: > > > forwarded 759044 https://github.com/Tribler/tribler/issue

Bug#802713: Should audiopreview be removed?

2015-10-22 Thread Moritz Mühlenhoff
reassign 802713 ftp.debian.org retitle 802713 RM: audiopreview - dead upstream, unused, depends on legacy libs thanks On Thu, Oct 22, 2015 at 12:41:57PM -0700, Chris Taylor wrote: > I believe that it should be, yes. Ok. Reassigning the bug, then. Cheers, Moritz

Bug#801072: Should longomatch be removed?

2015-10-25 Thread Moritz Mühlenhoff
reassign 801072 ftp.debian.org retitle 801072 RM: longomatch - outdated, unmaintained, unused, depends on legacy libs thanks On Mon, Oct 05, 2015 at 11:13:06PM +0200, Moritz Muehlenhoff wrote: > Package: longomatch > Severity: serious > > The version in the archive is totally outdated compared

Bug#802976: Should this package be removed?

2015-10-25 Thread Moritz Mühlenhoff
On Sun, Oct 25, 2015 at 07:51:20PM +0100, Thibaut Girka wrote: > On Sun, Oct 25, 2015 at 07:41:29PM +0100, Moritz Muehlenhoff wrote: > > Package: bluemindo > > Severity: serious > > > > - Dead upstream (the current 0.3 release is from 2009) > > A new major version is on the way and should be rele

Bug#785849: [Pkg-telepathy-maintainers] Bug#785849: libnice: Please update to GStreamer 1.x

2015-10-25 Thread Moritz Mühlenhoff
On Thu, May 21, 2015 at 12:46:27AM +0200, Emilio Pozuelo Monfort wrote: > Control: tags -1 upstream fixed-upstream > > On 20/05/15 15:03, sl...@debian.org wrote: > > your package libnice currently still depends on GStreamer 0.10. > > We already build gstreamer1.0-nice for gst 1.0, hence tagging a

Bug#802976: Should this package be removed?

2015-10-26 Thread Moritz Mühlenhoff
On Sun, Oct 25, 2015 at 07:51:20PM +0100, Thibaut Girka wrote: > On Sun, Oct 25, 2015 at 07:41:29PM +0100, Moritz Muehlenhoff wrote: > > Package: bluemindo > > Severity: serious > > > > - Dead upstream (the current 0.3 release is from 2009) > > A new major version is on the way and should be rele

Bug#801413: polarssl: CVE-2015-5291: Remote attack on clients using session tickets or SNI

2015-10-27 Thread Moritz Mühlenhoff
On Wed, Oct 21, 2015 at 01:43:26PM +0100, James Cowgill wrote: > Hi, > > On Tue, 2015-10-20 at 19:37 +0200, Florian Weimer wrote: > > * James Cowgill: > [...] > > > One thing which was suggested was to use 1.3.14 and then disable at > > > compile time all the new features which may affect the ABI

Bug#785876: turpial: Please update to GStreamer 1.x

2015-11-07 Thread Moritz Mühlenhoff
On Wed, May 20, 2015 at 04:03:06PM +0300, sl...@debian.org wrote: > Source: turpial > Severity: important > User: sl...@debian.org > Usertags: gstreamer0.10-removal > > Hi maintainer, > > your package turpial currently still depends on GStreamer 0.10. > > GStreamer 0.10 is no longer maintained a

Bug#802708: Should gnac be removed?

2015-11-13 Thread Moritz Mühlenhoff
reassign 802708 ftp.debian.org retitle 802708 RM: gnac - dead upstream, depends on legacy libs thanks On Thu, Oct 22, 2015 at 09:02:50PM +0200, Moritz Muehlenhoff wrote: > Package: gnac > Severity: serious > > The last maintainer upload was 3.5 years ago, the package > is dead upstream, depends o

Bug#802976: Should this package be removed?

2015-11-13 Thread Moritz Mühlenhoff
On Tue, Oct 27, 2015 at 03:32:17PM +0100, Thibaut Girka wrote: > On Sun, Oct 25, 2015 at 09:22:53PM +0100, Moritz Mühlenhoff wrote: > > On Sun, Oct 25, 2015 at 07:51:20PM +0100, Thibaut Girka wrote: > > > On Sun, Oct 25, 2015 at 07:41:29PM +0100, Moritz Muehlenhoff wrot

Bug#802993: Should this package be removed?

2015-11-14 Thread Moritz Mühlenhoff
reassign 802993 ftp.debian.org retitle 802993 RM: g2ipmsg - dead upstream, unmaintained, unused, depends on gstreamer 0.10 thanks On Sun, Oct 25, 2015 at 09:33:53PM +0100, Moritz Muehlenhoff wrote: > Package: g2ipmsg > Severity: serious > > - Dead upstream (last release from 2008) > - Unmaintain

Bug#802995: Should this package be removed?

2015-11-14 Thread Moritz Mühlenhoff
reassign 802995 ftp.debian.org retitle 802995: RM: alarm-clock - unmaintained, dead upstream, depends on gstreamer 0.10 thanks On Sun, Oct 25, 2015 at 09:37:55PM +0100, Moritz Muehlenhoff wrote: > Package: alarm-clock > Severity: serious > > alarm-clock hasn't seen a maintainer upload since 2009

Bug#788160: elinks: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE

2015-06-10 Thread Moritz Mühlenhoff
On Tue, Jun 09, 2015 at 12:48:58AM +0200, Andreas Beckmann wrote: > Package: elinks > Version: 0.12~pre6-7 > Severity: serious > User: debian...@lists.debian.org > Usertags: piuparts > > Hi, > > an upgrade test with piuparts revealed that your package installs files > over existing symlinks and p

Bug#787644: libwmf: CVE-2015-0848: heap overflow when decoding BMP images

2015-06-19 Thread Moritz Mühlenhoff
On Fri, Jun 19, 2015 at 02:07:10PM +0200, Guido Günther wrote: > Hi, > On Tue, Jun 16, 2015 at 06:26:31AM +0200, Salvatore Bonaccorso wrote: > > Hi, > > > > A second CVE was assigned for a further issue: > > > > http://www.openwall.com/lists/oss-security/2015/06/16/4 > > (CVE-2015-4588). > > Attach

Bug#813258: [Pkg-sugar-devel] Bug#813258: sugar-record-activity: Should sugar-record-activity be removed?

2016-03-10 Thread Moritz Mühlenhoff
reassign 813258 ftp.debian.org retitle 813258 RM: Depends on gstreamer 0.10 severity 813258 normal thanks On Tue, Feb 16, 2016 at 11:23:57PM +0100, Moritz Mühlenhoff wrote: > On Sun, Jan 31, 2016 at 08:16:47AM +0530, Jonas Smedegaard wrote: > > Quoting Moritz Muehlenhoff (2016-01-31

Bug#810506: Opinion about linux-grsec in a stable release

2016-03-10 Thread Moritz Mühlenhoff
On Wed, Mar 02, 2016 at 09:01:34PM +0100, Yves-Alexis Perez wrote: > On mer., 2016-03-02 at 20:06 +0100, Moritz Muehlenhoff wrote: > > Before considering that, did anyone approach grsecurity whether we can get > > access to the grsecurity stable patches? We would most definitely have > > Debian > >

Bug#819259: Don't include in stretch

2016-03-25 Thread Moritz Mühlenhoff
On Fri, Mar 25, 2016 at 06:14:35PM +0100, Emmanuel Bourg wrote: > Le 25/03/2016 18:07, Moritz Muehlenhoff a écrit : > > > stretch should only provide one version of Tomcat. > > I agree, however like tomcat6 we'll keep the src:tomcat7 package to > build the Servlet API only (libservlet3.0-java). I

Bug#814030: Security flaw fixed in version 6.2.0

2016-03-27 Thread Moritz Mühlenhoff
On Sun, Feb 07, 2016 at 02:28:04PM -0400, David Prévot wrote: > Package: php-tcpdf > Version: 6.0.093+dfsg-1 > Severity: serious > Tags: security upstream > > According to their changelog [1], upstream fixed a security issue over a > year ago: > > 6.2.0 (2014-12-10) > - Bug #1005 "Security

Bug#819493: debian-security-support: FTBFS on jessie: attemps to install nonexistent security-support-ended.deb8+deb8u3 file

2016-03-29 Thread Moritz Mühlenhoff
On Tue, Mar 29, 2016 at 05:13:51PM +0200, Santiago Ruano Rincón wrote: > Source: debian-security-support > Version: 2015.04.04 > Severity: serious > Tags: -1 + patch > Justification: Fails to build from source > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Dear Maintainer, > > A jessi

Bug#798858: blocked

2016-04-02 Thread Moritz Mühlenhoff
On Sun, Feb 07, 2016 at 11:55:39PM +, D Haley wrote: > Hi, > > I claim that this bug is blocked by mathgl, as mathgl has enabled c++11 > support. I'm not a maintainer on that package anymore. > > Mathgl's C++11 support has been re-enabled in HEAD after closing 800460 by > disabling C++11 supp

Bug#796450: rapidsvn: FTBFS: error: invalid use of incomplete type 'const svn_sort__item_t

2016-04-03 Thread Moritz Mühlenhoff
On Fri, Aug 21, 2015 at 10:17:19PM +0100, Chris West (Faux) wrote: > Source: rapidsvn > Version: 0.12.1dfsg-3 > Severity: serious > Justification: fails to build from source > Tags: sid > User: reproducible-bui...@lists.alioth.debian.org > Usertags: ftbfs > X-Debbugs-CC: reproducible-bui...@lists.a

Bug#798858: blocked

2016-04-03 Thread Moritz Mühlenhoff
On Sat, Apr 02, 2016 at 01:23:59PM +, Mattia Rizzolo wrote: > On Sat, Apr 02, 2016 at 04:04:35PM +0300, Dimitrios Eftaxiopoulos wrote: > > Στις Σάββατο, 2 Απριλίου 2016 11:24:15 Π.Μ. EEST Moritz Mühlenhoff έγραψε: > > > On Sun, Feb 07, 2016 at 11:55:39PM +, D Haley

Bug#732754: [Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

2013-12-28 Thread Moritz Mühlenhoff
On Mon, Dec 23, 2013 at 06:44:23PM +0100, Kurt Roeckx wrote: > On Sun, Dec 22, 2013 at 11:51:09PM +0100, Kurt Roeckx wrote: > > > > For security I would like to have the following: > > - CVE-2013-6449: 0294b2be5f4c11e60620c0018674ff0e17b14238 + > > ca989269a2876bae79393bd54c3e72d49975fc75 > > -

Bug#732754: [Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

2014-01-06 Thread Moritz Mühlenhoff
On Mon, Jan 06, 2014 at 07:20:25PM +0100, Kurt Roeckx wrote: > On Mon, Jan 06, 2014 at 06:54:33PM +0100, Kurt Roeckx wrote: > > On Mon, Jan 06, 2014 at 06:24:14PM +0100, Kurt Roeckx wrote: > > > On Mon, Dec 23, 2013 at 06:44:23PM +0100, Kurt Roeckx wrote: > > > > On Sun, Dec 22, 2013 at 11:51:09PM

Bug#732754: [Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

2014-01-06 Thread Moritz Mühlenhoff
On Mon, Jan 06, 2014 at 07:41:05PM +0100, Kurt Roeckx wrote: > On Mon, Jan 06, 2014 at 07:35:40PM +0100, Moritz Mühlenhoff wrote: > > On Mon, Jan 06, 2014 at 07:20:25PM +0100, Kurt Roeckx wrote: > > > On Mon, Jan 06, 2014 at 06:54:33PM +0100, Kurt Roeckx wrote: > > > &

Bug#733496: Code copy of older Mozilla code

2014-01-16 Thread Moritz Mühlenhoff
On Sun, Jan 05, 2014 at 02:47:39AM -0800, Vincent Cheng wrote: > Hi, > > > Package: mozjs17 > > Severity: serious > > > > This package forks a local copy of the Iceweasel Javascript engine which is > > no longer supported with security updates (currently only the ESR24 series > > is maintained) >

Bug#747778: kradio4: FTBFS: error: QFile: No such file or directory

2014-05-14 Thread Moritz Mühlenhoff
On Sun, May 11, 2014 at 07:20:34PM +0200, David Suárez wrote: > Source: kradio4 > Version: 4.0.7-2 > Severity: serious > Tags: jessie sid > User: debian...@lists.debian.org > Usertags: qa-ftbfs-20140510 qa-ftbfs > Justification: FTBFS on amd64 > > Hi, > > During a rebuild of all packages in sid,

Bug#745529: Please drop lcms1

2014-08-06 Thread Moritz Mühlenhoff
On Tue, Apr 22, 2014 at 05:48:51PM +0200, Moritz Muehlenhoff wrote: > Package: ghostscript > Version: 9.05~dfsg-8.1 > Severity: important > > As pre-announced in > https://lists.debian.org/debian-devel/2013/12/msg00570.html > it is planned to remove lcms1 for jessie. > > According to the changel

Bug#755814: kde4libs: CVE-2014-5033

2014-08-06 Thread Moritz Mühlenhoff
On Thu, Jul 31, 2014 at 09:07:22PM +0200, Felix Geyer wrote: > Hi Moritz, > > On Wed, 23 Jul 2014 16:05:25 +0200 Moritz Muehlenhoff wrote: > > Package: kde4libs > > Severity: grave > > Tags: security > > Justification: user security hole > > > > Hi, > > please see https://bugzilla.novell.com/sho

Bug#754237: RFC: disable SCTP in Debian's kFreeBSD?

2014-08-06 Thread Moritz Mühlenhoff
On Wed, Jul 09, 2014 at 01:26:22AM +0100, Steven Chamberlain wrote: > Hi, > So I'm obviously asking here - could we just drop SCTP from the default > kernel config? In jessie/sid? Even in wheezy-security? We can certainly do this for wheezy-security if the kfreebsd maintainers think it's the bes

Bug#763148: Prevent migration to jessie

2014-09-30 Thread Moritz Mühlenhoff
On Sun, Sep 28, 2014 at 11:27:03AM +0200, Andreas Cadhalpun wrote: > So would you please explain why you see a problem? It has all been written before, I'm not going to repeat it all over again. We can pick libav _or_ ffmpeg for jessie+1. EOD for me. Chromium using a local copy of the lib doesn't

Bug#763148: Prevent migration to jessie

2014-10-02 Thread Moritz Mühlenhoff
On Wed, Oct 01, 2014 at 04:32:24PM +0200, Andreas Cadhalpun wrote: > >However, I can understand why one embedded > >code copy is better than one embedded code copy plus a library in > >addition to it. > > This would be understandable, yes. > > There are now two options: > a) Let FFmpeg migrate to

Bug#763263: fbi: FTBFS: transupp.c:892: undefined reference to `jpeg_core_output_dimensions'

2014-10-03 Thread Moritz Mühlenhoff
On Sun, Sep 28, 2014 at 06:41:58PM +0200, David Suárez wrote: > Source: fbi > Version: 2.07-14 > Severity: serious > Tags: jessie sid > User: debian...@lists.debian.org > Usertags: qa-ftbfs-20140926 qa-ftbfs > Justification: FTBFS on amd64 > > Hi, > > During a rebuild of all packages in sid, your

Bug#763263: fbi: FTBFS: transupp.c:892: undefined reference to `jpeg_core_output_dimensions'

2014-10-04 Thread Moritz Mühlenhoff
On Sat, Oct 04, 2014 at 04:34:11PM +0200, David Suárez wrote: > Hi Moritz, > > El Viernes, 3 de octubre de 2014 16:45:52 Moritz Mühlenhoff escribió: > > On Sun, Sep 28, 2014 at 06:41:58PM +0200, David Suárez wrote: > > > Source: fbi > > > Version: 2.07-14 &

Bug#758516: Struts 1.2 should not be shipped with jessie

2014-10-12 Thread Moritz Mühlenhoff
On Wed, Sep 17, 2014 at 01:50:36PM +0200, Emmanuel Bourg wrote: > Le 17/09/2014 12:57, Moritz Muehlenhoff a écrit : > > > That's not how we handle in Debian: If a library is shipped in Debian, > > it is fully supported to be used by local libs. > > > > Anything in /usr/local or installed through

Bug#711578: removing svgalib from the archive

2013-10-07 Thread Moritz Mühlenhoff
On Thu, Oct 03, 2013 at 02:26:28PM +0200, Ansgar Burchardt wrote: > severity 711578 serious > severity 714025 serious > tag 666490 - moreinfo > thanks > > Hi, > > there are only two rdeps remaining that still depend on svgalib. Both > had enough time to get updated and a patch available for some

Bug#726817: chrony: GPL-2-only program linking GPL-3+ libreadline6 on amd64

2013-10-20 Thread Moritz Mühlenhoff
On Sat, Oct 19, 2013 at 04:06:06PM +0200, Ansgar Burchardt wrote: > Package: chrony > Severity: serious > Version: 1.24-3+squeeze1 > X-Debbugs-Cc: t...@security.debian.org, debian-rele...@lists.debian.org > > The security update for chrony links against libreadline6 on > amd64. However chrony is

Bug#739575: python-pysam-tests: world writable directory tree: /var/lib/pysam/tests

2014-02-28 Thread Moritz Mühlenhoff
On Fri, Feb 28, 2014 at 10:18:09AM +0100, Andreas Beckmann wrote: > I absolutely disagree to losing the ability to trust that content > shipped in Debian packages can only be modified with root privileges. I very much agree. I would've thought that would even be written down in the Debian policy

Bug#741333: cups: CVE-2013-6476 CVE-2013-6475 CVE-2013-6474

2014-03-11 Thread Moritz Mühlenhoff
On Tue, Mar 11, 2014 at 07:11:42PM +0100, Didier 'OdyX' Raboud wrote: > Le mardi, 11 mars 2014 17.31:44, vous avez écrit : > > On Tue, Mar 11, 2014 at 02:57:53PM +0100, Didier 'OdyX' Raboud wrote: > > > Can I proceed with the upload? > > > > Please go ahead. > > Uploaded, thanks. Do you need any

Bug#751916: Should libphash be removed?

2014-08-12 Thread Moritz Mühlenhoff
reassign 751916 ftp.debian.org retitle 751916 RM: obsolete, unmaintained severity 751916 normal thanks On Tue, Jun 17, 2014 at 09:37:46PM +0200, Moritz Muehlenhoff wrote: > Source: libphash > Severity: serious > > - The last maintainer upload was four years ago and since then it > required five

Bug#745518: Please migrate to lcms2

2014-08-19 Thread Moritz Mühlenhoff
On Mon, Aug 18, 2014 at 06:10:52PM +0200, Markus Koschany wrote: > Control: tags -1 patch > > I am not absolutely sure how libdevilc2 ended up with a dependency on > liblcms1 again because it already depends on liblcms2-dev but the most > probable explanation might be that liblcms1-dev was still i

Bug#745518: Please migrate to lcms2

2014-08-20 Thread Moritz Mühlenhoff
On Tue, Aug 19, 2014 at 11:47:24PM +0200, Markus Koschany wrote: > On 19.08.2014 22:45, Moritz Mühlenhoff wrote: > [...] > > Thanks for the additional investigation, shall I sponsor the upload for > > you or do you have a regular sponsor? > > > > Hi Moritz, > &

Bug#743596: gimp still built with lcms1

2014-08-24 Thread Moritz Mühlenhoff
On Sat, Aug 23, 2014 at 05:33:48PM -0400, Ari Pollak wrote: > Is this something that can be taken care of with a binNMU after liblcms1 is > removed? That's chicken and egg; FTP masters won't remove lcms until the reverse deps have been cleared. > I'm not sure there's much I can do at this point

Bug#598639: [RC: #598639] foomatic-gui/printconf: Not working in modern CUPS environments

2013-06-16 Thread Moritz Mühlenhoff
On Mon, Jun 03, 2013 at 08:30:30AM +0200, Didier Raboud wrote: > Hi Chris, > > Le mardi, 9 août 2011 22.42:39, Moritz Muehlenhoff a écrit : > > Chris, almost a year has passed. Do you agree with removal from > > unstable or what's your plan for foomatic-gui? > > It's been one more year-and-a-half

Bug#713947: wordpress: Multiple security issues

2013-06-25 Thread Moritz Mühlenhoff
On Tue, Jun 25, 2013 at 10:52:24PM +0200, Yves-Alexis Perez wrote: > On mar., 2013-06-25 at 18:34 +0200, Moritz Muehlenhoff wrote: > > For lenny we should announce its end of life as we recently did in the > > chromium and iceweasel DSAs. Agreed? > > I think you mean Squeeze? Yes. > As we alr

Bug#758516: Struts 1.2 should not be shipped with jessie

2014-09-15 Thread Moritz Mühlenhoff
On Fri, Sep 12, 2014 at 11:34:31PM +0200, Emmanuel Bourg wrote: > Looking at the reverse dependencies of libstruts1.2-java, it seems it > isn't much used. There are: > - src:libspring-java, it builds libspring-web-struts-java which isn't used. > - src:easyconf, it builds libeasyconf-java with a sug

Bug#614449: kazehakase: FTBFS: nsNetUtil.h:1649: error: 'struct nsID' has no member named 'ToProvidedString'

2011-05-10 Thread Moritz Mühlenhoff
his build failure can also be reproduced in Squeeze. Cheers, Moritz -- Moritz Mühlenhoff muehlenh...@univention.de Open Source Software Engineer and Consultant Univention GmbH Linux for Your Business fon: +49 421 22 232- 0 Mary-Somerville-Str.1 28359 Bremen f

Bug#599127: libdbi shouldn't be compiled with -ffast-math

2011-05-10 Thread Moritz Mühlenhoff
le (currently Lenny, our next release will be based on Squeeze). I've verified that rebuilding libdbi/Squeeze with the attached patch (same as Gert's, but for Squeeze) fixes the test suite failures for gammu/Squeeze. It would be nice if this were fixed in a point update. Cheers, Mori

Bug#610032: CVE-2010-4341

2011-01-25 Thread Moritz Mühlenhoff
On Sat, Jan 15, 2011 at 12:21:16AM +0100, Moritz Muehlenhoff wrote: > Package: sssd > Severity: grave > Tags: security > > Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4341 > for description and patch. What's the status? Cheers, Moritz

Bug#610487: asterisk: AST-2011-001: buffer overflow in caller ID URI encoding

2011-01-25 Thread Moritz Mühlenhoff
On Tue, Jan 18, 2011 at 11:36:01PM +, Tzafrir Cohen wrote: > Package: asterisk > Version: 1:1.6.2.9-2 > Justification: user security hole > Severity: grave > Tags: security patch upstream > > *** Please type your report below this line *** > The Asterisk project has reported security advisory

Bug#610034: CVE-2011-0002: libuser creates LDAP users with a default password

2011-01-25 Thread Moritz Mühlenhoff
On Sat, Jan 15, 2011 at 12:37:29AM +0100, Moritz Muehlenhoff wrote: > Package: libuser > Severity: grave > Tags: security > > Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0002 for > a description and patch. I'm not really sure if Debian is affected? Ghe, Are you still maintaini

Bug#610032: CVE-2010-4341

2011-01-25 Thread Moritz Mühlenhoff
On Tue, Jan 25, 2011 at 09:56:45PM +0100, Petter Reinholdtsen wrote: > [Moritz Mühlenhoff] > > What's the status? > > Been too busy with work and real life to look at sssd, and welcome NMUs > to fix it. It is unlikely to change before Squeeze is released, but I > hope

Bug#611138: CVE-2010-4438

2011-01-26 Thread Moritz Mühlenhoff
On Wed, Jan 26, 2011 at 07:46:32PM +0100, Damien Raude-Morvan wrote: > Hi, > > Le mardi 25 janvier 2011 23:02:18, Moritz Muehlenhoff a écrit : > > See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4438 > > > > Please get in touch with Oracle to check, what "unspecified > > vulnerability"

Bug#611134: CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication

2011-01-27 Thread Moritz Mühlenhoff
On Wed, Jan 26, 2011 at 08:56:06AM +0300, Michael Tokarev wrote: > 26.01.2011 00:25, Moritz Muehlenhoff wrote: > > Package: kvm > > Severity: grave > > Tags: security > > > > Please see the following entry in the Red Hat bugzilla: > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0011 > >

Bug#610487: asterisk: AST-2011-001: buffer overflow in caller ID URI encoding

2011-02-02 Thread Moritz Mühlenhoff
On Tue, Jan 25, 2011 at 09:28:40PM +0100, Moritz Mühlenhoff wrote: > On Tue, Jan 18, 2011 at 11:36:01PM +, Tzafrir Cohen wrote: > > Package: asterisk > > Version: 1:1.6.2.9-2 > > Justification: user security hole > > Severity: grave > > Tags: security patch

Bug#611217: CVE-2011-0413: crash after DHCPv6 decline message

2011-02-02 Thread Moritz Mühlenhoff
On Wed, Jan 26, 2011 at 03:24:19PM -0600, Raphael Geissert wrote: > Package: isc-dhcp-server > Version: 4.1.1-P1-15 > Severity: grave > Tags: security patch > > Hi Ari, > > Just as a public record, the following advisory (CVE-2011-0413[0]) has been > published by ISC[1]: > > > When the DHCPv6 s

Bug#611217: [pkg-dhcp-devel] Bug#611217: CVE-2011-0413: crash after DHCPv6 decline message

2011-02-02 Thread Moritz Mühlenhoff
On Thu, Feb 03, 2011 at 06:33:04AM +1000, Andrew Pollock wrote: > On Wed, Feb 02, 2011 at 09:15:39PM +0100, Moritz Mühlenhoff wrote: > > > > Why was there no maintainer reaction since a week? No we need to prepare > > a DSA for this :-/ > > > > There was no main

Bug#610487: asterisk: AST-2011-001: buffer overflow in caller ID URI encoding

2011-02-10 Thread Moritz Mühlenhoff
On Thu, Feb 10, 2011 at 08:02:48PM +0200, Faidon Liambotis wrote: > Faidon Liambotis wrote: > >I can do the uploads (lenny hasn't been uploaded either, right?) but I'm > >afraid it'll be with minimal testing. Moritz, is that acceptable? > >Certainly better than having a remote exploitable hole... >

Bug#612922: [kgb-bot] Bug#612922: Check in debian/rules breaks rebuilds with version suffix

2011-02-14 Thread Moritz Mühlenhoff
curity uploads. > > Thanks for your report! Thanks! I saw your mail on debian-release. I'll test the spu version once uploaded. Cheers, Moritz -- Moritz Mühlenhoff muehlenh...@univention.de Open Source Software Engineer and Consultant Univention GmbH

Bug#612922: [kgb-maintainers] Bug#612922: Check in debian/rules breaks rebuilds with version suffix

2011-02-14 Thread Moritz Mühlenhoff
sed 's/^Version: > \(.\+\)-[^-]\+$$/\1/') > > > So it should work since 1.06-1 (and does for me). > > Could you please take a look too, before I close the bug with this > version? Thanks! I confirm that it's fixed in 1.06-2. Cheers, Moritz -- Moritz Mühl

Bug#612914: Fails to build from source

2011-02-14 Thread Moritz Mühlenhoff
ices in any tests since Yahoo changes these > periodically. Thanks! I've cherrypicked the upstream test suite fixes from 1.16 and now the build succeeds. Cheers, Moritz -- Moritz Mühlenhoff muehlenh...@univention.de Open Source Software Engineer and Consultant

Bug#612922: Stable update for kgb-bot

2011-02-15 Thread Moritz Mühlenhoff
matches "upstream" > > > code +version. Avoids FTBFS when the package revision contains > > > non-digits (e.g. +stable/security updates). Thanks to Moritz > > > Muehlenhoff. Closes: #612922 > > > > Please go ahead. > > Package uplo

Bug#614668: CVE-2010-0433: Buffer overflow

2011-02-22 Thread Moritz Mühlenhoff
On Tue, Feb 22, 2011 at 10:59:16PM +0100, Moritz Muehlenhoff wrote: > Package: evince > Severity: grave > Tags: security > > Please see https://bugzilla.gnome.org/show_bug.cgi?id=640923 for > a description and patch. This is CVE-2011-0433. Cheers, Moritz

Bug#614669: CVE-2010-0433: Buffer overflow

2011-02-22 Thread Moritz Mühlenhoff
On Tue, Feb 22, 2011 at 11:00:29PM +0100, Moritz Muehlenhoff wrote: > Package: vftool > Severity: grave > Tags: security > > Please see https://bugzilla.gnome.org/show_bug.cgi?id=640923 > for details and a patch. (While this bug is for evince, it > also applies to vftool). This is CVE-2011-0433.

Bug#615103: Converting /etc/lilo.conf to UUID scheme generates world-readable file

2011-02-28 Thread Moritz Mühlenhoff
On Fri, Feb 25, 2011 at 09:32:41PM +0100, Joachim Wiedorn wrote: > Edgar Sippel wrote on 2011-02-25 19:36: > > > |Warning: /etc/lilo.conf should be readable only for root if using PASSWORD > > > > When checking file permissions afterwards, I found the file being > > world-readable: > > > > |bl

Bug#615103: Converting /etc/lilo.conf to UUID scheme generates world-readable file

2011-03-01 Thread Moritz Mühlenhoff
On Tue, Mar 01, 2011 at 07:46:10PM +0100, Joachim Wiedorn wrote: > Moritz Mühlenhoff wrote on 2011-02-28 17:30: > > > does this affect the version of lilo in oldstable or stable? > > No it does not affect oldstable / stable. The problem was introduced with > the new sc

Bug#615103: Converting /etc/lilo.conf to UUID scheme generates (fixed)

2011-03-24 Thread Moritz Mühlenhoff
On Thu, Mar 24, 2011 at 09:36:41PM +0100, Joachim Wiedorn wrote: > Hello! > > The user security hole in lilo is fixed with the latest version 23.1-2 > of lilo. Please update the security tracker. Thanks, updated. Cheers, Moritz

Bug#635342: CVE-2011-2193: Multiple buffer overflows

2011-07-29 Thread Moritz Mühlenhoff
On Fri, Jul 29, 2011 at 07:05:06PM +0200, Jordi Mallach wrote: > I have prepared a package in SVN which is ready for upload. Before doing > so, Moritz, can you look at this additional patch I found in the 2.4 SVN > branch? > > svn diff -r4780:4781 svn://svn.clusterresources.com/torque/branches/2.

Bug#639171: avifile: FTBFS: unsatisfiable build-dependencies: libqt3-mt-dev, libsdl1.2-dev

2011-08-24 Thread Moritz Mühlenhoff
On Wed, Aug 24, 2011 at 09:15:42PM +0200, Sylvestre Ledru wrote: > Source: avifile > Version: 1:0.7.48~20090503.ds-3 > Severity: serious > Tags: wheezy sid > User: debian...@lists.debian.org > Usertags: qa-ftbfs-20110822 qa-ftbfs > Justification: FTBFS on amd64 > > Hi, > > During a rebuild of all

Bug#638214: Fails to build from source: libqwt5-qt4-dev no longer exists

2011-08-29 Thread Moritz Mühlenhoff
retitle 638214 FTBFS: ICE on amd64 thanks On Wed, Aug 17, 2011 at 08:29:26PM +0200, Moritz Muehlenhoff wrote: > Package: elmer > Severity: serious > > Hi, > It's currently impossible to build elmerfem from source: > > dpkg-buildpackage: source package elmerfem > dpkg-buildpackage: source version

Bug#640151: avifile: FTBFS: error: 'AVCodecContext' has no member named 'real_pict_num'

2011-09-03 Thread Moritz Mühlenhoff
On Fri, Sep 02, 2011 at 11:35:25PM +0200, Christoph Egger wrote: > Package: src:avifile > Version: 1:0.7.48~20090503.ds-5 > Severity: serious > Tags: sid wheezy > Justification: fails to build from source (but built successfully in the past) > > Hi! > > Your package failed to build on the buildd

Bug#622897: webalizer: remote exploit

2011-04-18 Thread Moritz Mühlenhoff
On Fri, Apr 15, 2011 at 12:29:42PM -0400, Jim Salter wrote: > Package: webalizer > Version: 2.01.10-32.4 > Severity: critical > Tags: security > Justification: root security hole > > > A server I admin running Debian Lenny with the current version of > webalizer installed was exploited through w

Bug#612914: Fails to build from source

2011-04-29 Thread Moritz Mühlenhoff
Hi, > * Moritz Mühlenhoff [2011-02-14 10:27:55 CET]: > > Am Montag 14 Februar 2011 04:24:35 schrieb John Lightsey: > > > Yes, I can reproduce the FTBFS with 1.14. This was corrected upstream > > > with 1.16 which is already in testing and unstable. The newer ve

Bug#631529: Missing fix for CVE-2010-1447

2011-06-27 Thread Moritz Mühlenhoff
On Sun, Jun 26, 2011 at 08:49:12AM +0300, Niko Tyni wrote: > On Sat, Jun 25, 2011 at 12:09:03PM +0100, Dominic Hargreaves wrote: > > On Fri, Jun 24, 2011 at 06:56:40PM +0200, Moritz Muehlenhoff wrote: > > > Package: perl > > > Severity: grave > > > Tags: security > > > > > > Hi Perl maintainers, >

Bug#611130: CVE-2010-2087

2011-07-25 Thread Moritz Mühlenhoff
On Thu, Jan 27, 2011 at 09:53:10AM -0430, Miguel Landaeta wrote: > On Tue, Jan 25, 2011 at 09:43:36PM +0100, Moritz Muehlenhoff wrote: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2087 > > Please get in touch with upstream, whether this has been addressed. > > I just notified upstre

Bug#635276: CVE-2011-2305 / CVE-2011-2300

2011-07-26 Thread Moritz Mühlenhoff
On Sun, Jul 24, 2011 at 06:20:33PM +0200, Moritz Muehlenhoff wrote: > Package: virtualbox-ose > Version: 4.0.10-dfsg-1 > Severity: grave > Tags: security > > Does this affect the versions in Debian? > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2305 > http://cve.mitre.org/cgi-bin/cv

Bug#631347: [php-maint] Bug#631347: CVE-2011-2483 crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

2011-06-23 Thread Moritz Mühlenhoff
On Thu, Jun 23, 2011 at 07:42:01AM +0200, Ondřej Surý wrote: > forcemerge 631286 631347 > tags 631286 +squeeze wheezy sid > Thank you > > Hi, > > I already notice the bug when you reported it in postgresql and cloned the > bug. > > Yes, the php5 is affected, but only squeeze and onwards (writin

Bug#898943: Multiple vulnerabiliities in Mongoose

2018-06-05 Thread Moritz Mühlenhoff
On Mon, Jun 04, 2018 at 12:47:48PM -0400, Reinhard Tartler wrote: > Ok, thanks. That sounds like a good plan! BTW, I'm not sure if Talos security actually reported these to the cesanta/mongoose upstream project or whether they're doing it for the security buzz/advertising factor... I saw that up

Bug#900848: Should this package be removed?

2018-06-08 Thread Moritz Mühlenhoff
retitle 900848 RM: skipfish -- RoM; dead upstream, RC-buggy reassign 900848 ftp.debian.org severity 900848 normal thanks On Fri, Jun 08, 2018 at 08:41:06AM +0200, bart...@fenski.pl wrote: > Hey Moritz, > > Yeah I think we should remove that package at this point. > Thanks a lot for taking care of

Bug#901495: redis: multiple security issues in Lua scripting

2018-06-16 Thread Moritz Mühlenhoff
On Thu, Jun 14, 2018 at 02:10:27PM +0100, Chris Lamb wrote: > Chris Lamb wrote: > > > > redis: multiple security issues in Lua scripting > > > > This has now been assigned CVE-2018-11219 & CVE-2018-11218. > > Security team, permission to upload the attached to > stretch-security? > > redis (3

Bug#901495: redis: multiple security issues in Lua scripting

2018-06-17 Thread Moritz Mühlenhoff
On Sat, Jun 16, 2018 at 04:09:04PM +0100, Chris Lamb wrote: > Hi Moritz, > > > For future updates please include the git commit IDs to debian/patches > > Sure. I've added commit IDs to the files in debian/patches and > uploaded redis_3.2.6-3+deb9u1_amd64.changes with those — and no > other! — cha

Bug#909933: Bug #909933 in jekyll marked as pending

2019-02-08 Thread Moritz Mühlenhoff
On Sat, Feb 02, 2019 at 01:22:47AM +0900, Youhei SASAKI wrote: > Hi, > > Thanks to ping. I'll try it this weekend. ping :-) Cheers, Moritz

Bug#922027: python-django: Django security release

2019-02-14 Thread Moritz Mühlenhoff
On Mon, Feb 11, 2019 at 03:07:36PM +0100, Chris Lamb wrote: > [Adding t...@security.debian.org to CC] > > Chris Lamb wrote: > > > retitle 922027 CVE-2019-6975: Memory exhaustion in > > django.utils.numberformat.format() > > severity 922027 grave > > found 922027 1:1.10.7-2+deb9u3 > > tags 922027

Bug#900787: nvidia-graphics-drivers-legacy-304xx: does not support Xorg Xserver 1.20

2019-02-18 Thread Moritz Mühlenhoff
On Mon, Jun 04, 2018 at 11:47:35PM +0200, Andreas Beckmann wrote: > Source: nvidia-graphics-drivers-legacy-304xx > Version: 304.137-5 > Severity: serious > Tags: sid buster upstream wontfix > > The 304.xx legacy series is EoL upstream and won't be updated for the > latest Xorg. > > Let's get it o

Bug#913467: nvidia-graphics-drivers: CVE‑2018‑6260: access to application data processed on the GPU through a side channel exposed by the GPU performance counters

2019-02-18 Thread Moritz Mühlenhoff
On Mon, Nov 12, 2018 at 02:36:23PM +, Luca Boccassi wrote: > On Mon, 2018-11-12 at 13:47 +0100, Andreas Beckmann wrote: > > On 2018-11-11 13:54, Luca Boccassi wrote: > > > https://nvidia.custhelp.com/app/answers/detail/a_id/4738 > > > > So we expect new releases soon. There is already 415.* ..

Bug#776246: Processed: severity of 776246 is grave

2019-02-19 Thread Moritz Mühlenhoff
On Sat, Feb 16, 2019 at 10:35:05PM +0500, Andrey Rahmatullin wrote: > On Sat, Feb 16, 2019 at 12:33:08PM +, Debian Bug Tracking System wrote: > > Processing commands for cont...@bugs.debian.org: > > > > > severity 776246 grave > > Bug #776246 [librsync1] MD4 collision/preimage attacks (CVE-201

Bug#851085: conserver: FTBFS with openssl 1.1.0

2019-02-19 Thread Moritz Mühlenhoff
On Thu, Dec 13, 2018 at 08:55:05PM +0100, Moritz Mühlenhoff wrote: > On Tue, Jun 05, 2018 at 11:12:34PM +0200, Moritz Muehlenhoff wrote: > > On Sun, Jun 26, 2016 at 12:21:20PM +0200, Kurt Roeckx wrote: > > > OpenSSL 1.1.0 is about to be released. During a rebuild of all pac

Bug#859784: Bug #859784: validns: Please migrate to openssl1.1 in Buster

2019-02-19 Thread Moritz Mühlenhoff
On Thu, Jan 10, 2019 at 08:39:36PM +0100, Joost van Baal-Ilić wrote: > Hi Moritz, > > On Thu, Jan 10, 2019 at 08:33:05PM +0100, Moritz Mühlenhoff wrote: > > On Mon, Nov 05, 2018 at 03:13:08PM +0100, Joost van Baal-Ilić wrote: > > > > > > FWIW, this work: > >

Bug#776246: Processed: severity of 776246 is grave

2019-02-19 Thread Moritz Mühlenhoff
On Wed, Feb 20, 2019 at 02:12:55AM +0500, Andrey Rahmatullin wrote: > On Tue, Feb 19, 2019 at 10:00:34PM +0100, Moritz Mühlenhoff wrote: > > If a transition (even though it's marginal in size) isn't an option at this > > point > That's not for me to decide. Sho

Bug#859553: pidentd: Please migrate to openssl1.1 in buster

2019-02-20 Thread Moritz Mühlenhoff
On Wed, Feb 20, 2019 at 08:51:16AM +0100, Moritz Muehlenhoff wrote: > On Wed, Feb 20, 2019 at 12:28:48AM +0100, Sebastian Andrzej Siewior wrote: > > On 2017-10-12 23:44:37 [+0200], To 859...@bugs.debian.org wrote: > > > this is a reminder about the openssl transition [0]. We really want to > > > r

Bug#915805: Should this package be removed?

2019-02-20 Thread Moritz Mühlenhoff
On Tue, Jan 15, 2019 at 10:31:17AM +, Kevin Smith wrote: > On 27 Dec 2018, at 22:52, Moritz Mühlenhoff wrote: > > > > On Fri, Dec 07, 2018 at 01:41:47PM +, Kevin Smith wrote: > >> Apologies, I’d forgotten that we’d prepared an update from upstream and > >&g

Bug#828441: moonshot-trust-router: FTBFS with openssl 1.1.0

2019-02-20 Thread Moritz Mühlenhoff
On Fri, Oct 13, 2017 at 12:24:26AM -0400, Sam Hartman wrote: > There's a new upstream for moonshot-trust-router that I believe should > work with openssl 1.1. > Realistically, I should be able to deal with moonshot-gss-eap #848680 > within a month. > I think it may be more like two months to deal w

Bug#828441: moonshot-trust-router: FTBFS with openssl 1.1.0

2019-02-20 Thread Moritz Mühlenhoff
On Wed, Feb 20, 2019 at 05:30:35PM -0500, Sam Hartman wrote: > Is it possible to remove openssl and make moonshot-trust-router > uninstallable? That might be possible, I'll check with the FTP masters. Cheers, Moritz

Bug#922806: chromium-driver: Cannot start browser through python-selenium.

2019-02-20 Thread Moritz Mühlenhoff
reassign 922806 python-selenium severity 922806 important thanks On Wed, Feb 20, 2019 at 11:19:53PM +0100, Jens-Birger Schlie wrote: > Package: chromium-driver > Version: 70.0.3538.110-1~deb9u1 > Severity: grave > Justification: renders package unusable > > Before this worked like a bliss. > >

Bug#859553: pidentd: Please migrate to openssl1.1 in buster

2019-02-22 Thread Moritz Mühlenhoff
On Thu, Feb 21, 2019 at 11:37:02PM +0100, Sebastian Andrzej Siewior wrote: > The debian maintainer of this package looks MIA. Nobody spoke up for > keeping it so far. I'm happy to NMU it so it builds against libssl-dev > but I see little to no reason for it. I think we have alternatives which > *ar

Bug#921156: etcd: CVE-2018-1098 CVE-2018-1099

2019-02-22 Thread Moritz Mühlenhoff
severity 921156 important thanks On Tue, Feb 19, 2019 at 11:24:47PM -0600, Stephen Gelman wrote: > On Tue, 12 Feb 2019 09:32:48 +0700 Arnaud Rebillout > wrote: > > I looked into this a bit yesterday. > > > > As mentioned in the issue upstream at > > https://github.com/etcd-io/etcd/issues/9353, th

Bug#922179: shim-signed depends on packages not repos

2019-02-26 Thread Moritz Mühlenhoff
On Fri, Feb 15, 2019 at 07:28:57PM +0100, Cyril Brulebois wrote: > Right, this also breaks the build of the debian-installer source package > on amd64 since its build dependencies cannot be satisfied. Is there an ETA for a fix? Cheers, Moritz

Bug#915286: TCPDF removal bug 915286

2019-03-05 Thread Moritz Mühlenhoff
On Tue, Mar 05, 2019 at 06:46:51PM +0100, Roland Gruber wrote: > About #923736 it seems the link is wrong. LDAP Account Manager depends > on TCPDF. So then you should formally adopt it and take care of all security issues which affect it during the buster lifecycle. Cheers, Moritz

Bug#987353: CVE-2020-8903 CVE-2020-8907 CVE-2020-8933

2021-05-10 Thread Moritz Mühlenhoff
Am Thu, Apr 22, 2021 at 09:53:24AM -0700 schrieb Zach Marano: > Hi, since this package was brought into Debian in ~2018, there have been > several transformations in the GCE guest software stack and thus the > current landscape is very different. Google doesn't actually maintain the > official Debi

Bug#986803: [Pkg-rust-maintainers] Bug#986803: CVE-2021-28875 CVE-2021-28876 CVE-2021-28877 CVE-2021-28878 CVE-2021-28879 CVE-2020-36317 CVE-2020-36318

2021-05-18 Thread Moritz Mühlenhoff
Sorry for the late reply, got backlogged in my inbox. Am Mon, Apr 12, 2021 at 11:18:16AM +0100 schrieb Ximin Luo: > It looks like these CVEs affect all versions up to 1.52 (which is not yet > released). > > Do you have links to patches fixing these bugs that can be backported to > 1.48? We've h
